Friday, 15 January 2016

Malware spam FAIL: "Statement" / Kelly Pollard []

This fake financial spam is meant to have a malicious attachment, but it is corrupt:

From     Kelly Pollard []
Date     Fri, 15 Jan 2016 13:56:01 +0200
Subject     Statement

Your report is attached in DOC format.

Kelly Pollard
Marketing Manager
Tel: 01204 89 54 10    Fax: 01204 89 54 11

[final care corner logo]
The attachment is named Statement 012016.doc but due to an error in the email it is corrupt, and is either zero length or will produce garbage. If it were to work, it would produce a payload similar to that found here and here, namely the Dridex banking trojan. This is the third corrupt Dridex run today. Shame.
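
A triage check for the failure described above, as an added example that is not part of the original post: it parses a raw message and reports whether each attachment decodes to nothing, to garbage, or to something that is structurally an Office file and needs full analysis. The sample message is constructed and the magic-byte test is an assumed heuristic; the post does not say how the email was malformed.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc compound file header
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm) container header


def classify_attachments(raw_message: bytes):
    """Return (filename, decoded_size, verdict) for each attachment in a raw message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""  # undoes base64/quoted-printable
        if not data:
            verdict = "empty"        # zero length: nothing for Word to open
        elif data.startswith(OLE2_MAGIC):
            verdict = "ole2"         # structurally a .doc: send for full analysis
        elif data.startswith(ZIP_MAGIC):
            verdict = "ooxml"        # structurally a .docx/.docm: send for full analysis
        else:
            verdict = "garbage"      # decodes to bytes that are not an Office container
        results.append((name, len(data), verdict))
    return results


def build_sample() -> bytes:
    """Constructed test message: one empty, one garbage and one OLE2-looking attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Statement"
    msg.set_content("Your report is attached in DOC format.")
    samples = [
        ("Statement 012016.doc", b""),
        ("garbage.doc", b"\x8f\x13 constructed junk bytes"),
        ("stub.doc", OLE2_MAGIC + b"\x00" * 504),  # header stub only, not a document
    ]
    for filename, payload in samples:
        msg.add_attachment(payload, maintype="application", subtype="msword",
                           filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, size, verdict in classify_attachments(build_sample()):
        print(f"{name!r}: {size} bytes -> {verdict}")
```

An "ole2" or "ooxml" verdict only means the file is well-formed enough to open; it says nothing about whether the content is malicious.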


  1. I just got this email - it looked kinda legit so was sorely tempted to open it. Thank you for your advice!

  2. My father opened the document, it was blank. How can we check if we got infected? He can't remember if it opened in secured mode. He is pretty sure there was no repair request.

  3. @Mo N - you cannot get infected from this particular spam run sent on this day.

  4. @Conrad

    Thanks a lot, so I misunderstood and it's not a trojan? You made my day, sir.

  5. @Mo N - it *is* a trojan, but they messed it up and it is harmless unless you go through several rather complex steps to recover the entire message, and extract and correct the faulty code... and then run it :)

  6. I received this on 15/01/2016 8:49 PM sent to my office email. Thanks for this info Conrad
